Esempio n. 1
0
        public void PostConfigure(string name, OpenIdConnectOptions options)
        {
            var idpClient = _clientFactory.CreateClient("IDPClient");

            // Read out the discovery document.  This isn't required, but it avoids having
            // to hard-code the token endpoint URL.
            var discoveryDocument = idpClient.GetDiscoveryDocumentAsync().Result;

            if (discoveryDocument.IsError)
            {
                throw new Exception(discoveryDocument.Error);
            }

            options.Events = new OpenIdConnectEvents()
            {
                // other configuration
                OnAuthorizationCodeReceived = context =>
                {
                    var token = _tokenGenerator.CreateSignedToken(
                        "webclientjwt",
                        discoveryDocument.TokenEndpoint);

                    context.TokenEndpointRequest.ClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
                    context.TokenEndpointRequest.ClientAssertion     = token;

                    return(Task.CompletedTask);
                }
            };
        }
        public async Task <IActionResult> GetTokenWithPrivateKeyJWT()
        {
            var idpClient = _httpClientFactory.CreateClient("IDPClient");

            var discoveryDocumentResponse = await idpClient.GetDiscoveryDocumentAsync();

            if (discoveryDocumentResponse.IsError)
            {
                throw new Exception(discoveryDocumentResponse.Error);
            }

            var signedToken = _tokenGenerator.CreateSignedToken("api1jwtclient", discoveryDocumentResponse.TokenEndpoint);

            var tokenResponse = await idpClient.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
            {
                Address  = discoveryDocumentResponse.TokenEndpoint,
                ClientId = "api1jwtclient",
                Scope    = "api1.fullaccess",

                ClientAssertion =
                {
                    Type  = OidcConstants.ClientAssertionTypes.JwtBearer,
                    Value = signedToken
                }
            });

            if (tokenResponse.IsError)
            {
                throw new Exception(tokenResponse.Error);
            }

            // call API with the access token
            var client = _httpClientFactory.CreateClient("APIClient");

            client.SetBearerToken(tokenResponse.AccessToken);

            var result = await client.GetStringAsync("api/claims");

            ViewBag.Json = JArray.Parse(result.ToString());

            return(View("ApiResult"));
        }